In recent years, Romania has become a more prominent investment location for data centre providers on account of country’s sustained economic growth, the proliferation of the IT&C infrastructure, coupled with Romania’s highly skilled workforce in the IT&C industry and the overall lower operating costs as compared to other countries.
Drawing upon our team’s extensive expertise in data protection applicable regulations affecting various industries, a number of foreign data centre providers retained Țuca Zbârcea & Asociații for advice on the legal implications of moving data centres/ servers to Romania. When prospecting the idea of locating data centres / servers in Romania, services providers should take into account that certain regulatory requirements may apply, especially those concerning data protection/security, including the rules on the governmental access to data. We shall briefly outline below a few of the most common regulatory issues raised by our clients, together with a few recommendations in connection thereto.
How to Determine Whether Romanian Data Protection Law Applies
Law No. 677/2001 on processing of personal data shall apply to data controllers not based in Romania to the extent they use equipment, automated or otherwise, located on Romanian territory, unless such equipment is only used for transiting the data through Romanian territory. These provisions seem conflicting with the provisions of the EU Data Protection Directive, under which national law becomes relevant when data controllers established in a non-EU Member State make use of equipment situated on the territory of EU Member States. This inconsistency between the national law and the EU directive may be explained by the fact that Law No. 677/2001 was enacted before Romania’s accession to the EU.
This article was first published in Just in Case, an electronic magazine by Țuca Zbârcea & Asociații. To read the entire article, please go to: http://www.tuca.ro/just_in_case/